The present invention relates generally to an improvement in filtering internet access. Building a one to one relationship on the internet can also be provided by this invention. In other words, rules other then filtering can be applied to the user. In particular, the present invention provides a system that recognizes and customizes individual internet access within a network.
The issue of varying levels of internet access arises in connection with public libraries. Public libraries are not immune to the 1st Amendment of the United States Constitution. Adult patrons have the freedom to access and read whatever type of internet sites protected by the 1st Amendment they choose. The present invention allows public libraries to offer a system that protects this freedom and still protects children from unsuitable internet sites, as selected by their parents. A server is provided (located on the internet) to register a user with the system and store information on whether the user is authorized to access certain internet sites. A carding station is provided to generate a personal smart card for the user. The smart card includes a read only memory. The smart card may be any ISO Standard Smart Card that stores a serial number that correlates with information about the user stored in the server. An internet station allows the user to view the internet only by inserting the personal smart card into a card reader and confirming that he/she is using his/her own card. In cooperation with the server, the internet station controls the user""s access to the internet sites based on whether the data in the server indicates that the user is authorized to access the sites. The internet connection provided at the internet station is over public lines and data that is transferred to authenticate the user is secured by a secure sockets layer (xe2x80x9cSSLxe2x80x9d) protocol.
While the Internet provides virtually unlimited access to a wide variety of information and services (both protected by the 1st amendment of the United States Constitution and unprotected due to federal, state and local laws), much of the information is unsuitable for certain age groups and is offensive to other groups or individuals. Therefore, public institutions, libraries and schools, are increasingly requiring an efficient and cost-effective infrastructure to administer and manage internet access according to the needs of different user groups. Some effort has been made to address this need by providing systems that restrict user access to particular internet sites. An example is shown in U.S. Pat. No. 5,937,404 to Csaszar et al.
While this system provides its patrons with access to only pre-approved internet sites and allows its patrons to search and review the approved sites with a reference card, it has the drawback of restricting the internet access of all of the patrons to a single set of approved sites that are stored on a server. For example, adults are only able to access the same set of approved sites that children are authorized to access. Further, adults that find certain internet sites offensive are unable to custom filter their internet access according to their interests. In order to provide customization of internet access, a plurality of servers must be provided and individual modules of software must be stored on different computers within the system.
Other types of internet filtering systems have been on the market, such as a system called GuardiaNet that was formerly sold by One Place, L.L.C., a predecessor of the assignee of the present application. The GuardiaNet system customized individual internet access by providing an encrypted xe2x80x9cserial numberxe2x80x9d directly on the PC""s hard disk drive and also had the ability to encrypt the serial number to a 3.5xe2x80x3 standard Floppy Disk as well as to a personalized card with a microprocessor chip. Each card included a processor that stored information on internet sites the user was authorized to access. The user was able to access the internet only with his or her card and a server controlled the internet sites displayed during the user""s session based on the information stored on the user""s card. Even though the GuardiaNet system provided customized internet access, the system was not economical because the cards used in the system were too expensive. More specifically, the cost of each card was approximately $7.00 because each card included a microprocessor. Thus, the cost of distributing cards to all members of the public who may use a public library may quickly become prohibitive, as would the cost of replacing the card each time it was lost or stolen. Further, the GuardiaNet filtering software used a very complex security system to protect data transferred during each internet connection. The GuardiaNet filtering software encrypted data on an application level to establish secure communication pathways between a secured network and a user on a public, unsecured network. The security system established gateways or firewalls between the internet and any party desiring protection, and encrypted all data transmitted across the internet connection. This robust security system led to undesirably slow connection due to the fact that it was encrypting all data, graphic, and applications traversing the internet connection.
Accordingly, there is a need in the art for a faster and more economical system to customize individual or group internet access without having to separate computers for different types of users within the system.
The present invention fulfills this need in the art by providing a system that customizes individual internet access comprising an internet server that registers a user with the system, stores information regarding internet sites the user is authorized to access, and controls the user""s access to the internet sites based on the information stored in the server for the specific user.
The system further includes a carding station that generates a personal smart card for the user and an internet stations that allows the user to view the internet with the personal smart card. The personal smart stores information that identifies the user to enable the server to control the user""s access to the internet sites and does not include a microprocessor. However, the card could have a processor for other purposes and still be within the scope of this invention. The term xe2x80x9cnot including a microprocessor should be so construed.
The user is registered with the system by entry of personal identification information about the user at the carding station. The user is also registered with the system by entry of a personal identification number, password, fingerprint and/or other biometric data that provides security for the personal smart card. Further, the user is registered with the system by entry of the information regarding the internet sites the user is authorized to access. In addition, by utilizing the authentication method of a portable smart card associated to a trusted password communicating to the internet server, the system operates in an IP independent state. This is to say that the cardholder is able to gain his approved access from any computer employing the internet station software and card reader.
The server controls the users access to the internet sites by granting or denying requests from the internet station to display the internet sites, based on the information stored in the server regarding the internet sites the user is authorized to access. That information includes an access level selected from the group consisting of an unfiltered internet access level, a filtered internet access level, and a restricted internet access level. The unfiltered access level gives the user full access to all internet sites. The filtered internet access level blocks the user""s access to one or more predetermined internet sites. The restricted internet access level blocks the user""s access to any internet site that is not included in a predetermined set of approved internet sites. The predetermined internet sites for the filtered and restricted internet access levels may be chosen by the individual, or parent or guardian of the user that is using the system. In addition, some of the predetermined internet sites may be chosen by the system administrator. Further, some of the predetermined internet sites for the restricted internet access level may be chosen by a third party who has previewed the sites and determined them to be generally safe for all ages, truthful, and including valuable and authentic information. The server also controls the user""s access to specific internet sites by reviewing a requested internet site and blocking the site if it contains selected material.
The personal smart card includes a read only memory that stores the information that identifies the user. The read only memory on the personal smart card is configured as a storage area selected from the group consisting of an encoded memory chip, a, a bar code, and machine readable indicia. The information that identifies the user is unique to that personal smart card and differentiates it from similar personal smart cards.
The carding station preferably includes a digital camera for taking a photograph of the user and card production software to print the photograph of the user on the personal smart card. The carding station also includes a card printer for printing the personal smart card. Once the card has been produced, the information on the smart card is associated with the user""s name, geographical information, personal password etc. and is stored on the system server located on the internet as distinct from local servers/PCs.
The internet station includes a data display unit selected from the group consisting of a computer terminal, a telephone, a pager, a television, and a personal digital assistant, the internet station also includes a card reader for reading the personal smart card. The user is able to view the internet from the internet station by insertion of the personal smart card into the card reader and authentication that the user is using his/her own personal smart card. The personal smart card may be authenticated by entry of a personal identification number or password that is associated with the personal smart card. The personal smart card also may be authenticated by verification of a fingerprint of the user.
The internet station can use any xe2x80x9cstandard to the internet browserxe2x80x9d such as Microsoft""s Internet Explorer v.5.x and Netscape Navigator v.4.x. A predetermined xe2x80x9chomepagexe2x80x9d is set in the browser in the normal manner. The software in the internet station may be may be programmed to allow the viewing of certain xe2x80x9cauthentication not presentxe2x80x9d internet pages that are associated with the facility providing the public access. This is to insure that in the public, citizens have the ability to view and respond to information about their local area without having to register for usage. When this xe2x80x9clocal domainxe2x80x9d is left, such as, by selection of another Domain or Universal Resource Locator (URL), the user will be prompted that xe2x80x9ca smart card is requiredxe2x80x9d. On insertion of the user""s smart card, the user is prompted for a xe2x80x9cpasswordxe2x80x9d. If the smart card and password matches, the user is then granted access to the Internet in accordance with the access rules that have been registered in association with the user. When the user has finished with browsing the internet and the smart card is removed from the reader, the software shuts down the browser, reopens the browser and resets to display the facility""s homepage.
The server may also include information regarding the a maximum amount of time the user may view the internet during a time interval e.g. 4 hours out of 24, resetting to the user""s registered maximum daily access time at midnight. The server may also store a maximum number of pages the user may print during a time interval. The server may also include information on an amount of money that is credited to the user""s account. In addition, the server may include one or more bookmarks to internet sites that are selected by the user.
The system further includes a secure sockets layer protocol that provides security for data transferred across an internet connection. Preferably, the secure sockets layer protocol includes Microsoft""s CrptoAPI(copyright). The secure sockets layer protocol enables the carding station to encrypt the data and use hypertext transfer protocol to communicate with the server.
The present invention further provides a carding station that communicates information about the user to the internet server such as the user""s name, personal password, access rules, and other information that the facility wishes to associate with the user. This station associates this information with a serial number that is encoded to a memory area of the smart card. As a part of the registration process, this information creates a user defined xe2x80x9caccountxe2x80x9d in the internet database securely located on the internet server. The carding station produces, by means of dye sublimation, printing the user""s smart card from blank white smart card stock as supplied from any number of vendors. The personalization station has the ability to format the necessary data to fully print the card including but not limited to the portrait, name, other identifying textural information, and the basic identifying indicia of the facility issuing the smart card. Furthermore, after the automatic creation of this user database account, an administrator of the facility has the ability to securely retrieve this data on the internet by authenticating him/herself as an administrator to the facility associated with the user. Once this administrator authentication has taken place, the administrator has the ability to further define the information, make updates, look up passwords, or delete the account as needed. The user is associated as an individual with sole rights to certain amounts of internet content or as a part of a predefined group of users all having the same basic access rights. It is possible to associate an individual to a group of individuals and to also give individuals in this group slightly different access rights to access or deny certain areas of internet content. In other words, it is possible to xe2x80x9cbase assignxe2x80x9d an individual to a group and to add or delete internet sites for the one individual from that base list. It is also possible to register an individual as an administrator of a smaller group with each person in the group having different access rights, all managed by the administrator.
The present invention further provides a method of customizing individual 10 internet access in a system comprising the acts of registration of a user with the system by entry of information about the user at a carding station, storing in a server information on whether the user is authorized to access specific internet sites, generating a personal smart card for the user at a carding station, the personal smart card including information that uniquely identifies the user and not including a microprocessor, reading the personal smart card at an internet station, identifying the user based on the information stored on the personal smart card, controlling the user""s access to the specific internet sites based on the information stored in the server regarding whether the user is authorized to access the specific internet sites, and displaying the internet at the internet station.
The personal smart card of the present invention preferably includes a photograph of the user of the system and a read only memory that stores information identifying the user to enable the system to control the user""s internet access. The personal smart card could include a microprocessor depending on other actions the facility would like to associate with the smart card, as noted above.
In a preferred embodiment, the server of the present invention includes a registration module that registers a user with the system, a database that stores information regarding a first set of internet sites the user is authorized to access, an administration module that executes an active server page when an internet site is requested to be displayed, and a deny module that grants or denies a request to display an internet site based on the information stored in the database regarding the first set of internet sites the user is authorized to access.
Preferably, the carding station includes a registration module that enables entry of information about a user into the system to register the user with the system and has a data transfer capability for transfer of entered user information between the carding station and a internet or local server. The carding station also includes a camera that takes a photograph of the user, and a card printer that generates a personal smart card not including a microprocessor for the user, the personal smart card including information that identifies the user correlated with the entered user information transferred to a server.
In a preferred embodiment, the internet station includes a card reader that reads a read only memory, and not a microprocessor, on a personal smart card issued to a user to obtain information that identifies the user to control the user""s internet access. The internet station also includes an authentication module that verifies that the user is using his/her own personal smart card, an internet browser that allows the user to search the internet, a shim that communicates with the internet browser and has a port for connection to a server to request permission from the server to display an internet site requested by the user, and a WSOCK that communicates with the shim and displays the internet site requested by the user if permission is granted by the server.